Protect your office from ransomware

July 18, 2016

By Jennifer Garvin

Washington — Is your office protected from ransomware?

Ransomware, a rapidly growing form of cyber attack, is a type of malicious software that encrypts a user's data and holds it for ransom. It can affect any computer device. Most ransomware infects systems through "spam, phishing messages, websites and email attachments," according to the Office of Civil Rights.

Health providers may find themselves particularly at risk as several health care organizations have recently "fallen victim to ransomware," according to Sylvia Burwell, secretary, U.S. Department of Health and Human Services, in a letter to the nation's health care executives.

"Cybersecurity is one of the most important challenges we face as a nation," said Sec. Burwell, noting that ransomware has the potential to disrupt a provider's ability to provide health services, inflict significant financial losses, damage sensitive data and expose it to a breach. It can also harm a provider's reputation.

If you think you are the victim of a ransomware attack, Sec. Burwell urges you to contact a local FBI or Secret Service field office.

To help health care entities better understand and respond to the threat of ransomware, the Office for Civil Rights has created Health Insurance Portability and Accountability Act guidance on ransomware.

The guidance recommends that offices conduct risk analyses to "identify threats and vulnerabilities to electronic protected health information" and also urges offices to: